const express = require('express');
const router = express.Router();
const userController = require('../controllers/userController');
const authorize = require('../middleware/authz'); // 引入权限检查中间件

// 创建用户 (需要 user:create 权限)
router.post('/', authorize('user:create'), userController.createUser);

// 获取用户列表 (需要 user:query 权限)
router.get('/', authorize('user:query'), userController.getUsers);

// 获取用户分页数据 (需要 user:query 权限)
router.get('/page', authorize('user:query'), userController.getUserPage);

// 根据 ID 获取用户 (需要 user:query 权限)
router.get('/:id', authorize('user:query'), userController.getUserById);

// 更新用户 (需要 user:update 权限)
router.put('/:id', authorize('user:update'), userController.updateUser);

// 删除用户 (需要 user:delete 权限)
router.delete('/:id', authorize('user:delete'), userController.deleteUser);

module.exports = router;